Multitenancy feature

The multitenancy feature allows users with tenant rights to perform certain administrative self-services via REST interface while sharing a single Airlock Gateway installation. It has been designed with essential maintenance functions for tenant-users in mind, while the main system administration stays under full control of the Airlock Gateway administrator.

Multitenancy can effectively distribute the load of an Airlock Gateway system-administrator for common basic maintenance tasks by offering REST-access to tenant-users with decided administrative responsibilities.

  • Tenant-users are identified by JSON Web Token (JWT). Their role is truncated to read and write their own configuration part only!
  • Through the tokens, the scope of services can be defined within the Role and rights management for tenant-users.
  • Typical applications
  • Enable a maintenance page as a tenant-user.
  • Uninterrupted maintenance as a tenant-user.

Solution design

For secure data and information separation, multitenancy requires authentication for each tenant-user. In our solution, we use a JSON Web Token (JWT) for authentication purposes towards the REST interface of the Airlock Gateway installation.

  1. Simplified process description
  2. Exemplary task:
    Service 1 needs to be updated. During this process, the service will be unavailable to end-users of tenant-user 1. For the duration of maintenance, all end-users of Service 1 should be informed via a maintenance webpage.

  3. The tenant-user sends an HTTP-request to the Airlock Gateway. This request contains the tenant-users JWT and the REST-command.
  4. The Airlock Gateway authenticates the tenant-user's REST-command by the JWT.
  5. With successful authentication, the REST-command changes the Airlock Gateway configuration. It activates the maintenance webpage for Service 1.
  6. For all end-users of Service 1, the maintenance webpage shows up. Other services or end-users of other services will not be affected.
Multitenancy_model_new